Maven virtual registry: cache validity and maven-metadata.xml files
🔥 Problem
In Maven's world, maven-metadata.xml files represent metadata (obvious right) about the registry state. Its primary function is to list the available versions of a given package.
In Maven virtual registries, the cache system has a validity period that defines how much time a cache entry is considered as valid before being checked with the upstream for any updates.
The problem is that this period value can be set to 0, meaning the the virtual registry will never check with upstream for updates. Thus, the cached "version" of the file will be kept around for ever. This could be problematic for metadata files. We can imagine that when a new version is published to the upstream, the metadata file is updated and so if we use the old version of that file, clients will not "see" the newest version.
This situations arises under specific conditions:
- a snapshot dependency is used.
- a non snapshot dependency + a range selector is used:
<!-- Accepts 1.2.3 or any newer version --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>[1.2.3,)</version> </dependency> - a cache validity period of
0is used.- This is the value that we default to when the upstream being created points to Maven central and the user doesn't pass any specific value.
- a new version of the dependency is published and we want to pull it through the virtual registries.
🚑 Possible workarounds
- Manually delete the target
maven-metadata.xmlfile or - Set a cache validity period other than
0, such as24(hours).
🚒 Solution
- Have two validity periods on the upstream: one for the actual files, one for everything else including API calls (not used for Maven) and metadata responses/files.
- Introduce a new column (default value could be
1or24). That column should not be allowed to be set to0.
- Introduce a new column (default value could be
- Update the Maven handle file request service so that:
- We detect when we have a metadata call. The requested file is
maven-metadata.xml. - Correctly select which cache validity period we should use.
- Apply the existing logic with the selected cache validity
- We detect when we have a metadata call. The requested file is
- Update the related documentation .
Opportunities:
- We could embed the entire change in the model
#stale?function. This way, the service would not need any change.